Biometric authentication of electronic signatures

ABSTRACT

At least one contemporaneous signature image is captured while a user generates an electronic signature for a document. When one or more contemporaneous signature images maps to a verification image, signature data representative of an electronic signature is associated with the document.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of pending U.S. non-provisionalpatent application Ser. No. 15/867,519 entitled “Biometric ElectronicSignatures” and filed Jan. 10, 2018, which is hereby incorporated byreference.

BACKGROUND INFORMATION

As commerce has increasingly become digital, the ability to view andsign documents electronically has become desirable. Various businesseshave offered services that allow users to generate an electronicsignature to be applied to a document in a process sometimes referred toas “e-signature” or “e-sign.” While e-signatures are generally moreefficient than getting a traditional “wet signature” on a piece ofphysical paper where the document needs to be mailed back and forth,there are security and fraud concerns associated with e-signatures.Therefore, systems and devices enhancing verification and/orauthentication of electronic signatures are desirable.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the invention aredescribed with reference to the following figures, wherein likereference numerals refer to like parts throughout the various viewsunless otherwise specified.

FIG. 1 illustrates a block diagram of an example user device forbiometric authentication of an e-signature, in accordance with anembodiment of the disclosure.

FIG. 2 illustrates a block diagram of an example user device forbiometric authentication of an e-signature, in accordance with anembodiment of the disclosure.

FIG. 3 illustrates a block diagram of an example user device forbiometric authentication of an e-signature, in accordance with anembodiment of the disclosure.

FIG. 4 illustrates a flow chart of an example process of authenticatingan e-signature using a contemporaneous signature image, in accordancewith an embodiment of the disclosure.

FIG. 5 illustrates a block diagram of an example system for biometricauthentication of an e-signature, in accordance with an embodiment ofthe disclosure.

FIG. 6 illustrates a flow chart of an example process of authenticatingan e-signature using a contemporaneous signature image, in accordancewith an embodiment of the disclosure.

DETAILED DESCRIPTION

Embodiments of systems, devices, and methods for enhancing verificationand/or authentication of electronic signatures are described herein. Inthe following description, numerous specific details are set forth toprovide a thorough understanding of the embodiments. One skilled in therelevant art will recognize, however, that the techniques describedherein can be practiced without one or more of the specific details, orwith other methods, components, materials, etc. In other instances,well-known structures, materials, or operations are not shown ordescribed in detail to avoid obscuring certain aspects.

Reference throughout this specification to “one embodiment” or “anembodiment” means that a particular feature, structure, orcharacteristic described in connection with the embodiment is includedin at least one embodiment of the present invention. Thus, theappearances of the phrases “in one embodiment” or “in an embodiment” invarious places throughout this specification are not necessarily allreferring to the same embodiment. Furthermore, the particular features,structures, or characteristics may be combined in any suitable manner inone or more embodiments.

Throughout this specification, several terms of art are used. Theseterms are to take on their ordinary meaning in the art from which theycome, unless specifically defined herein or the context of their usewould clearly suggest otherwise.

Embodiments of this disclosure are directed to enhancing theverification or authentication of an electronic signature by using abiometric image captured contemporaneously with a user's generation ofan electronic signature. For the purposes of this disclosure, the terms“electronic signature” and “e-signature” shall be used interchangeably.The biometric image may be of all or a portion of a user's face, auser's finger, or a user's retina, for example. The contemporaneouslycaptured biometric image can then be compared to a verified biometricimage associated with the user. In one illustrative example, one or moreimages are captured of a user as they generate an e-signature (eitherhandwritten electronic signature or typed electronic signature). One ormore of the contemporaneous captured images is compared to averification image or verification data (e.g. facial mapping)representative of the verification image. If the contemporaneouslycaptured image(s) maps to (is sufficiently similar) to the verificationimage or verification data, then the electronic signature that the usergenerated can be successfully associated with the document that the userwas e-signing.

The techniques described herein may be implemented in a number of ways.Example implementations are provided below with reference to thefollowing FIGS. 1-6.

FIG. 1 illustrates a block diagram of an example user device 100 forbiometric authentication of an e-signature, in accordance with anembodiment of the disclosure. The illustrated example user device 100may include a communication interface 102, an image sensor 104, adisplay 105, an input interface 106, processing logic 108, and memory110. The communication interface 102 may include wireless and/or wiredcommunication components that enable the user device 100 to transmit orreceive voice or data communication via a wireless carrier network aswell as other telecommunication and/or data communication networks.Communication interface 102 may include chips to facilitate IEEE 802.11protocols and/or BlueTooth communication, for example. User device 100may also include sensors (not illustrated) including a proximity sensor,a compass, an accelerometer, altimeter, and/or a global positioningsystem (GPS) sensor. The compass, the accelerometer, and the GPS sensormay detect orientation, movement, and geolocation of the user device100. User device 100 may be a tablet, smartphone, laptop computer,desktop computer, or otherwise.

Image sensor 104 may be a complementary metal-oxide-semiconductor (CMOS)image sensor for capturing images. Image sensor 104 may be aforward-facing or rear-facing image sensor. Complimentary optics mayalso be included to give image sensor 104 camera functionality. Display105 may be a liquid crystal display (LCD) or an organiclight-emitting-diode (OLED) display, for example. Display 105 may bedisposed to emit display light on a same side of the device 100 that theimage sensor 104 receives imaging light. Input interface 106 may enablea user to provide inputs to user device 100. The data input devices mayinclude, but are not limited to, combinations of one or more of keypads,keyboards, mouse devices, touchscreens, touchpad, microphones, speechrecognition packages, and any other suitable devices or otherelectronic/software selection methods. A touchscreen included in theinput interface may be layered with (e.g. overlaying) the display 105.The touchscreen may be a capacitive or resistive touchscreen, forexample.

Device hardware 114 may include other hardware that is typically locatedin a user device (e.g. a smartphone). For example, the device hardware114 may include signal converters, transceivers, antennas, hardwaredecoders and encoders, graphic processors, a SIM card slot, and/or thelike that enable the user device 100 to execute applications and providetelecommunication and data communication functions. The SIM 116 may bean integrated circuit chip that is inserted into the SIM card slot ofthe user device 100, or an embedded SIM that is hardwired into thecircuit board of the user device 100.

Processing logic 108 may be coupled to drive images onto display 105,and coupled to the image sensor 104 to initiate image captures andreceive image capture data from the image sensor 104. Processing logic108 is coupled to receive the user inputs from input interface 106.Processing logic 108 is communicatively coupled to communicationinterface 102 and wireless radio 112 to facilitate communication.Wireless radio 112 may specifically facilitate cellular data protocolssuch as 3G, 4G, LTE, and/or 5G. Processing logic 108 may include one ormore processors, microprocessors, multi-core processors, and/or FieldProgrammable Gate Arrays (FPGAs) to execute operations disclosed herein.In some embodiments, memories (not illustrated) are integrated into theprocessing logic 108 to store instructions to execute operations and/orstore data. Processing logic 108 may include analog or digital circuitryto perform the operations disclosed herein. Processing logic 108 may becoupled to read and/or write data to memory 110 and execute instructionsstored in memory 110.

The memory 110 may be implemented using computer-readable media, such ascomputer storage media. Computer-readable media may include two types ofcomputer-readable media, namely computer storage media andcommunications media. Computer storage media includes volatile andnon-volatile, removable and non-removable media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, data structures, program modules, orother data. Computer storage media includes, but is not limited to, RAM,ROM, EEPROM, flash memory or other memory technology, CD-ROM, digitaloptical disks or other optical storage, magnetic cassettes, magnetictape, magnetic disk storage or other magnetic storage devices, or anyother non-transmission medium that can be used to store information foraccess by a computing device. In contrast, communication media mayembody computer-readable instructions, data structures, program modules,or other data in a modulated data signal, such as a carrier wave, orother transmission mechanism.

The processing logic 108 and the memory 110 of the user device 100 mayimplement an operating system 118, device software 120, and/or one ormore applications 122. The various software and applications may includeroutines, program instructions, objects, and/or data structures thatperform particular tasks or implement particular abstract data types.The operating system 118 may include components that enable the userdevice 100 to receive and transmit data via various interfaces (e.g.,user controls, communication interface 102, and/or memory input/outputdevices). The operating system 118 may also process data using theprocessing logic 108 to generate outputs based on inputs that arereceived via the input interface 106. For example, the operating system118 may provide an execution environment for the execution of theapplications 122. The operating system 118 may include a presentationcomponent that presents the output (e.g., display the data on anelectronic display, store the data in memory, transmit the data toanother electronic device, etc.).

The operating system 118 may include an interface layer that enablesapplications to interface with the wireless radios 112 and/or thecommunication interface 102. The interface layer may comprise publicAPIs, private APIs, or a combination of both public APIs and privateAPIs. Additionally, the operating system 118 may include othercomponents that perform various other functions generally associatedwith an operating system. The device software 120 may include softwarecomponents that enable the user device to perform functions. Forexample, the device software 120 may include basic input/output system(BIOS), Boot ROM, or a bootloader that boots up the user device 100 andexecutes the operating system 118 following power up of the device.

The applications 122 may include applications that provide utility,entertainment, and/or productivity functionalities to a user of the userdevice 100. For example, the applications 122 may further includeelectronic mail applications, remote desktop applications, web browserapplications, navigation applications, office productivity applications,audio streaming applications, video streaming applications, and/or soforth.

Memory 110 includes biometric signature authenticator 130, in FIG. 1. Inthe illustrated embodiment, biometric signature authenticator 130includes document 132, signature data 134, contemporaneous captureengine 135, verification image 148, image comparison and documentgeneration engine (ICDGE) 151, and signed document 153. Contemporaneouscapture engine 135 receives a contemporaneous signature image 139captured by image sensor 104. In FIG. 1, the biometric authentication ofthe e-signature is performed by the user device 100.

Device 100 may receive a document 132 for signing. Document 132 may beprovided to user device 100 by a remote server and received viacommunication interface 102 and/or wireless radio 112, for example.Processing logic 108 may cause document 132 to be rendered to display105 for viewing by a user of the user device 100. A signature blockinterface for the user to e-sign the document may be rendered to display105 simultaneously with the document 132. In one embodiment, a signatureblock interface for the user to e-sign is rendered after the user hasreviewed the document 132. The user can generate their e-signature inthe signature block interface by interacting with input interface 106 toprovide a signature input. For example, a user can type their name(sometimes also including a forward slash at the beginning and ending oftyping their name) using a physical keyboard or software keyboard, orgenerate a handwritten signature by “signing” a touchpad or atouchscreen with their finger or stylus. A digital representation of thesignature input is stored as signature data 134. In the case of a typede-signature, signature data may be a “string” of characters. Forhandwritten e-signatures, the signature data 134 may be an image of thehandwritten e-signature recorded by the touchpad/touchscreen. Thesignature input is received by input interface 106 subsequent to thedocument 132 being rendered to display 105.

In response to first receiving the signature input at input interface106, contemporaneous capture engine 135 causes image sensor 104 tocapture one or more contemporaneous signature images 139 to capture theuser inputting the remainder of the electronic signature or the typedelectronic signature. For example, contemporaneous capture engine 135may trigger image sensor 104 to begin image capture of contemporaneoussignature image 139 when the user types the first slash in a typede-signature or when the user first contacts the touchpad or portion ofthe touchscreen assigned to a signature block. Therefore,contemporaneous signature image(s) 139 will be captured while the useris in the act of e-signing document 132.

Contemporaneous signature image(s) 139 may be captured by a front-facingcamera on a smartphone or tablet and thus capture an image of the user'sface as they e-sign. Contemporaneous signature image(s) 139 may becaptured by a web camera included in a laptop computer or desktopcomputer and thus capture an image of the user's face as they e-sign.Contemporaneous signature image(s) 139 may include an image of the eyeof the user. Contemporaneous signature image(s) 139 may include an imageof the fingertip of the user. The image of the fingertip of the user maybe captured when a fingerprint scanner includes optics directing theimage light from a fingertip to the image sensor 104.

Image comparison and document generation engine (ICDGE) 151 receivesdocument 132, signature data 134, contemporaneous signature image(s)139, and verification image(s) 148. Verification image(s) 148 may bestored locally in memory 110 or be provided to user device 100 by aremote server. In one embodiment, prior to engaging in e-signingdocument 132, the user captures verification image(s) of the user'sface, eyes, and/or fingertips to serve as verification image(s). Atleast one contemporaneous signature image 139 is compared to at leastone of the verification images 148. The signature data 134 is associatedwith document 132 when the contemporaneous signature image 139 maps to(is sufficiently similar to) the verification image 148. In oneembodiment, data subsets or mappings of the images 139 and 148 may becompared to one another to determine whether the contemporaneoussignature image 139 is sufficiently similar to verification image 148.

In one embodiment, comparing the contemporaneous signature image 139 tothe verification image 148 includes transmitting, with the communicationmodule, a verification request from user device 100 to another computingdevice (e.g. a remote server) and receiving the verification image fromthe computing device. The verification request may be transmitted by thecommunication interface 102 and the verification image may be receivedby the communication interface 102. The verification request may includeuser credentials of the user of user device 100, in some embodiments.

In on embodiment, comparing the contemporaneous signature image 139 fromthe verification image 148 of the user includes accessing theverification image 148 from a user profile stored in the memory 110.

When the contemporaneous signature image 139 maps to the verificationimage 148, ICDGE 151 associates signature data 134 with document 132. Inthe illustrated embodiment of FIG. 1, ICDGE 151 generates a signeddocument 153 that includes the signature data 134 into document 132.When contemporaneous signature image 139 fails to map to verificationimage 148, signature data 134 is not associated with document 132 anddocument 132 remains unsigned. Therefore, a user of user device 100 thatdoes not have biometrics mapped to verification image 148 will not beable to e-sign document 132 while a user with biometrics mapped toverification image 148 will be able to e-sign document 132. In this way,security for e-signatures can be enhanced by only allowing verifiedusers to e-sign documents.

FIGS. 2 and 3 illustrate block diagrams of example user devices forbiometric authentication of an electronic signature, in accordance withan embodiment of the disclosure. FIG. 2 illustrates a laptop computer200 including a keyboard 206B, touchpad 206C, and a display 205 overlaidby a touchscreen 206A. Laptop computer further includes a camera 204.Laptop 200 may incorporate some or all of the features and components ofuser device 100. In FIG. 2, a document 280 is rendered to display 205and a signature block 270 for an e-signature 271 is also displayed. Thee-signature 271 may be inputted into signature block 270 by way oftouchpad 206C, physical keyboard 206B, or by touching a stylus or fingerto touchscreen 206A, for example. When the user begins to generate thee-signature 271 in signature block 270, the camera 204 may be activatedto capture the contemporaneous signature image(s) 139. Since the camera204 is generally configured to face the user, the camera 204 will bepositioned to capture images that include all or at least a portion ofthe user's face or eyes while they interact with the inputs 206A, 206B,and/or 206C.

FIG. 3 illustrates an example smartphone 300 having a touchscreen 306layered with display 305. Smartphone 300 may incorporate some or all ofthe features and components of user device 100. Smartphone 300 includesa forward-facing camera 304. In FIG. 3, a document 380 is rendered todisplay 305 and a signature block 370 for an e-signature 371 is alsodisplayed. The e-signature 371 may be inputted into signature block 370by way of touching a stylus or finger to touchscreen 306, for example.When the user begins to generate the e-signature 371 in signature block370, the forward-facing camera 304 may be activated to capture thecontemporaneous signature image(s) 139. Since the camera 304 isgenerally configured to face the user while the user interacts withtouchscreen 306, the camera 304 will be positioned to capture imagesthat include all or at least a portion of the user's face or eyes whilethey interact with the touchscreen 306.

FIG. 4 illustrates a flow chart of an example process 400 ofauthenticating an e-signature using a contemporaneous signature image,in accordance with an embodiment of the disclosure. Process 400 may beexecuted by one or more of the user devices disclosed herein. The orderin which some or all of the process blocks appear in process 400 shouldnot be deemed limiting. Rather, one of ordinary skill in the art havingthe benefit of the present disclosure will understand that some of theprocess blocks may be executed in a variety of orders not illustrated,or even in parallel.

In process block 405, a document (e.g. document 132, 280, or 380) isrendered to a display (e.g. 105, 205, or 305).

In process block 410, a signature input representing a user initiatingan electronic signature with the input interface (e.g. 106) is receivedby the input interface. The signature input is received subsequent torendering the document to the display.

In process block 415, in response to receiving the signature input viathe input interface, a contemporaneous signature image is captured withan image sensor (e.g. 104) to capture a user inputting the remainder ofthe electronic signature while the user is inputting the remainder ofthe electronic signature.

In one example of process blocks 405-415, after the document is renderedto the display, the user may begin e-signing the document by touching atouchpad to begin the electronic signature, selecting (with a touchpador computer mouse) a signature interface (e.g. 270 or 370), touching atouchscreen within a signature interface to e-sign, or typing a forwardslash on a keyboard to begin e-signing the document. When the userdevice senses that the user is generating an e-signature, it triggersthe image sensor to capture (using one or more discrete still images orvideo capture) the user inputting the remainder of the electronicsignature. In an embodiment where the image sensor is a forward-facingimage sensor on a smartphone or a tablet, for example, the image sensoris positioned to capture in an image all or a portion of a e-signer'sface while they e-sign. Of course, contemporaneous signature images ofthe face, eyes, or fingerprint can also be captured while thee-signature is generated, as described above.

In process block 420, the signature data representing the electronicsignature received by the input interface is stored. In one embodiment,it is stored in a memory included in the user device.

In process block 425, the contemporaneous signature image is compared toa verification image. The verification image may be included in a userprofile of the owner/user of the device. The user profile and/or theverification image may be stored in memory of the user device. In oneembodiment, the verification image is stored in a remote device (e.g. aserver). If the contemporaneous verification image maps to theverification image, process 400 proceeds to process block 430 where thesignature data is associated with the document. If the contemporaneousverification image fails to map to the verification image, process 400may return to process block 405.

In one embodiment, the contemporaneous signature image and/or theverification image is sent to an image processing server for analyzingwhether the contemporaneous verification image maps to the verificationimage in order to leverage the processing power of a cloud server. Inone embodiment, the user device sends the contemporaneous signatureimage and a verification pointer to the image processing server. Whenthe image processing server receiver the verification pointer, the imageprocessing server may fetch the verification image from a networklocation or memory location (referenced by the verification pointer) ofa separate server that is remote from both the user device and the imageprocessing server. The user device may then receive a a verificationdecision message from the image processing server where the verificationdecision message indicates whether the contemporaneous signature imagemaps to the verification image. Based on the verification decisionmessage, the user device may associate the signature data to thedocument.

FIG. 5 illustrates a block diagram of an example system 599 forbiometric authentication of an e-signature, in accordance with anembodiment of the disclosure. System 599 includes one or more userdevices 500A, 500B, and/or 500C. The user's devices 500A, 500B, and 500care communicatively coupled to server(s) 514 via communication channels591A, 591B, and 591C, respectively. Communication channels 591 mayinclude wired or wireless communications utilizing IEEE 802.11protocols, BlueTooth, SPI (Serial Peripheral Interface), I²C(Inter-Integrated Circuit), USB (Universal Serial Port), CAN (ControllerArea Network), cellular data protocols (e.g. 3G, 4G, LTE, 5G), orotherwise.

FIG. 5 illustrates a server-side embodiment where at least a portion ofthe e-signature authentication processing is performed by a computingdevice other than the user device 100. This may save battery life ofuser device 100 and/or be a more efficient use of network resources. InFIG. 5, server(s) 514 may include communication interface 502, one ormore processors 504, memory 506, and hardware 508. The communicationinterface 502 may include wireless and/or wired communication componentsthat enable the server(s) 514 to transmit data to and receive data fromother networked devices. The hardware 508 may include additional userinterface, data communication, or data storage hardware. For example,the user interfaces may include a data output device (e.g., visualdisplay, audio speakers), and one or more data input devices. The datainput devices may include, but are not limited to, combinations of oneor more of keypads, keyboards, mouse devices, touch screens that acceptgestures, microphones, voice or speech recognition devices, and anyother suitable devices.

The memory 506 may be implemented using computer-readable media, such ascomputer storage media. Computer-readable media may include two types ofcomputer-readable media, namely computer storage media andcommunications media. Computer storage media includes volatile andnon-volatile, removable and non-removable media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, data structures, program modules, orother data. Computer storage media includes, but is not limited to, RAM,ROM, EEPROM, flash memory or other memory technology, CD-ROM, digitalversatile disks (DVD), high-definition multimedia/data storage disks, orother optical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other non-transmissionmedium that can be used to store information for access by a computingdevice. In contrast, communication media may embody computer-readableinstructions, data structures, program modules, or other data in amodulated data signal, such as a carrier wave, or other transmissionmechanism.

Memory 510 includes biometric signature authenticator module 530. In theillustrated embodiment, biometric signature authenticator module 530includes user credentials 537, document 532, signature data 534, and oneor more contemporaneous signature images 539. In the illustratedembodiment, biometric signature authenticator module 530 also includesimage database 540, verification image(s) 548, image comparison anddocument generation engine (ICDGE) 551, and signed document 553.

FIG. 6 illustrates a flow chart of an example process 600 ofauthenticating an e-signature using a contemporaneous signature image,in accordance with an embodiment of the disclosure. Process 600 may beperformed by server(s) 514. Users may use any of devices 500A, 500B, or500C to generate an e-signature. The order in which some or all of theprocess blocks appear in process 600 should not be deemed limiting.Rather, one of ordinary skill in the art having the benefit of thepresent disclosure will understand that some of the process blocks maybe executed in a variety of orders not illustrated, or even in parallel.

In process block 605, a document request is received with thecommunication interface (e.g. 502). Any of devices 500A, 500B, or 500Cmay generate a document request, for example, and transmit the documentrequest via communication channel(s) 591. The document request mayidentify a document for signature using a document identifier.

In process block 610, the document identified by the document identifieris transmitted to the user device, with the communication interface, viacommunication channel 591. The document may be transmitted to the userdevice in response to receiving the document request.

In process block 615, signature data (e.g. 534) representative of asignature of the user inputted into one of the devices 500 is receivedwith the communication interface.

In process block 620, one or more contemporaneous signature images 539is received with the communication interface. The contemporaneoussignature image was captured while the signature data representative ofthe signature was generated by the user.

In process block 625, user credentials (e.g. 537) are received with thecommunication interface. In one embodiment, the user credentials are thesame user credentials to access or unlock the user device 500. In oneembodiment, the user credentials are associated with an application ofthe user device 500. In one embodiment, the user credentials areassociated with a web browser application of the user device 500.

In process block 630, a verification query is generated that includesthe user credentials as an argument. In one embodiment, image database540 stores a plurality of user profiles that include verificationimage(s) linked to each user profile. Image database 540 may be storedlocally on server 514 (as illustrated in FIG. 5) or may be stored on aserver remote to server 514. By querying the image database 540 with averification inquiry including the user credentials, the image database540 may respond with the verification image (e.g. 548) associated withthe user credentials 537, as in process block 635.

In process block 640, the contemporaneous signature image (e.g. 539) iscompared to a verification image (e.g. 548). If the contemporaneousverification image maps to the verification image, process 600 proceedsto process block 645 where the signature data is associated with thedocument. In FIG. 5, ICDGE 551 generates a signed document 553 thatincludes document 532 and signature data 534 when the contemporaneoussignature image 539 maps to verification image 548. If thecontemporaneous verification image fails to map to the verificationimage, process 600 may transmit an alert to a signature requestor wherethe alert includes the document identifier and/or the document. Forexample, if user device 500C provided document 532 for e-signature by auser of device 500A and user device 500A provided a contemporaneoussignature image that did not map to a verification image 548 of userdevice 500A, it is possible that a fraudulent e-signature was attemptedby a nefarious user of device 500A. Hence, the alert generated inprocess block 650 may alert the signature requestor user of device 500Cthat a potentially fraudulent e-signature was attempted. Notably, if thecontemporaneous signature image does not map to the verification imagein process block 640, the signature data is not associated with thedocument. Therefore, ICDGE 551 would not generate signed document 553,in FIG. 5.

The processes explained above are described in terms of computersoftware and hardware. The techniques described may constitutemachine-executable instructions embodied within a tangible ornon-transitory machine (e.g., computer) readable storage medium, thatwhen executed by a machine will cause the machine to perform theoperations described. Additionally, the processes may be embodied withinhardware, such as an application specific integrated circuit (“ASIC”) orotherwise.

A tangible non-transitory machine-readable storage medium includes anymechanism that provides (i.e., stores) information in a form accessibleby a machine (e.g., a computer, network device, personal digitalassistant, manufacturing tool, any device with a set of one or moreprocessors, etc.). For example, a machine-readable storage mediumincludes recordable/non-recordable media (e.g., read only memory (ROM),random access memory (RAM), magnetic disk storage media, optical storagemedia, flash memory devices, etc.).

The above description of illustrated embodiments of the invention,including what is described in the Abstract, is not intended to beexhaustive or to limit the invention to the precise forms disclosed.While specific embodiments of, and examples for, the invention aredescribed herein for illustrative purposes, various modifications arepossible within the scope of the invention, as those skilled in therelevant art will recognize.

These modifications can be made to the invention in light of the abovedetailed description. The terms used in the following claims should notbe construed to limit the invention to the specific embodimentsdisclosed in the specification. Rather, the scope of the invention is tobe determined entirely by the following claims, which are to beconstrued in accordance with established doctrines of claiminterpretation.

1. A device comprising: a camera configured to initiate image capturesof received imaging light; a display disposed to emit display light; andan input interface, wherein the device is configured to: render, withthe display, a document; receive, via the input interface, a signatureinput representing a user initiating an electronic signature with theinput interface; in response to receiving the signature input with theinput interface, capturing a contemporaneous signature image with thecamera to capture the user inputting a remainder of the electronicsignature, the contemporaneous signature image includes at least aportion of an eye of the user; storing signature data representing theelectronic signature received by the input interface; comparing thecontemporaneous signature image to a verification image; and associatingthe signature data to the document when the contemporaneous signatureimage maps to the verification image.
 2. The device of claim 1, whereinthe device further comprises a communication module coupled to send andreceive data, and wherein comparing the contemporaneous signature imageto the verification image includes: transmitting, with the communicationmodule, a verification request from the device to a computing device,wherein the verification request includes user credentials of the userof the device; and receiving, with the communication module, theverification image from the computing device.
 3. The device of claim 1further comprising a memory, wherein the verification image is stored inthe memory, and wherein comparing the contemporaneous signature image tothe verification image includes accessing the verification image fromthe memory.
 4. The device of claim 1, wherein the device furthercomprises a communication module coupled to send and receive data, andwherein comparing the contemporaneous signature image to theverification image includes: transmitting, with the communicationmodule, the contemporaneous signature image and a verification pointerto an image processing server, wherein the verification pointer providesa location where the verification image is stored, the location beingexternal to the device and external to the image processing server; andreceiving, with the communication module, a verification decisionmessage from the image processing server, the verification decisionmessage indicating whether the contemporaneous signature image maps tothe verification image.
 5. The device of claim 1, wherein theverification image includes eye data of eyes of the user.
 6. The deviceof claim 1, wherein the input interface includes a touchscreen layeredwith the display.
 7. The device of claim 1, wherein the input interfaceincludes a touchpad.
 8. The device of claim 1, wherein the inputinterface includes a software generated signature block overlaid overthe document.
 9. The device of claim 1, wherein the camera includes acomplementary metal-oxide-semiconductor (CMOS) image sensor.
 10. Acomputer-implemented method comprising: rendering, with a display, adocument; receiving, via an input interface, a signature inputrepresenting a user initiating an electronic signature with the inputinterface; in response to receiving the signature input via the inputinterface, capturing a contemporaneous signature image with acomplementary metal-oxide-semiconductor (CMOS) image sensor to capturethe user inputting a remainder of the electronic signature while theuser is inputting the remainder of the electronic signature, wherein thecontemporaneous signature image includes at least a portion of an eye ofthe user; storing signature data representing the electronic signaturereceived by the input interface; comparing the contemporaneous signatureimage to a verification image; and associating the signature data to thedocument when the contemporaneous signature image maps to theverification image.
 11. The computer-implemented method of claim 10,wherein comparing the contemporaneous signature image to theverification image includes: transmitting a verification request from afirst device to a second device, wherein the first device includes thedisplay, the input interface, and the CMOS image sensor; and receivingthe verification image from the second device.
 12. Thecomputer-implemented method of claim 10, wherein comparing thecontemporaneous signature image to the verification image includesaccessing the verification image from a memory of a first device thatalso includes the display, the input interface, and the CMOS imagesensor.
 13. The computer-implemented method of claim 10, wherein theinput interface includes a touchscreen layered with the display.
 14. Thecomputer-implemented method of claim 10, wherein the contemporaneoussignature image is included in a video file captured by the CMOS imagesensor.
 15. The computer-implemented method of claim 10, wherein theverification image includes eye data of eyes of the user.
 16. Thecomputer-implemented method of claim 10 further comprising: transmittingan alert including a document identifier identifying the document to asignature requestor device when the contemporaneous signature imagefails to map to the verification image. 17-20. (canceled)